Network connected devices are controlled via the transmission of action messages to prevent or correct conditions that impair the operation of the networked information technology (IT) assets. The service monitoring system (SMS) monitoring the IT environment groups together related notable events that are received during system operation. Automatic processes dynamically determine grouping operations that automatically correlate the events without requiring, for example, a set of declarative grouping rules. Event grouping may be performed on a by-service basis to facilitate the complex processing of predicting undesirable system conditions that may be prevented or reduced by transmission of the action messages to the appropriate assets. Event grouping operations may be directed with control information maintained via user interface.
Legal claims defining the scope of protection, as filed with the USPTO.
3. The method of claim 1, wherein the notable event is generated by applying a correlation search to the machine data associated with the performance alert of the service, wherein the correlation search is defined by a search query, a triggering criterion to be applied to a key performance indicator (KPI) value produced by executing the search query, and a user-defined point in time or period of time.
4. The method of claim 1, wherein comparing the characteristics of the notable event to characteristics of each of the plurality of active group definitions determines an active group definition of the plurality of active group definitions with a highest score characterizing a degree of the notable event matching an event group policy associated with the active group definition.
5. The method of claim 1, wherein each seed group definition of the plurality of seed group definitions is associated with a list of name-value pairs specifying group membership criteria.
6. The method of claim 1, wherein the significance factor associated with the new active group definition is provided by a membership count of the new active group.
7. The method of claim 1, wherein the significance factor associated with the new active group definition is provided by a membership growth rate of the new active group.
12. The system of claim 11, wherein the notable event is generated by applying a correlation search to the machine data associated with the performance alert of the service, wherein the correlation search is defined by a search query, a triggering criterion to be applied to a key performance indicator (KPI) value produced by executing the search query, and a user-defined point in time or period of time.
13. The system of claim 11, wherein comparing the characteristics of the notable event to characteristics of each of the plurality of active group definitions determines an active group definition of the plurality of active group definitions with a highest score characterizing a degree of the notable event matching an event group policy associated with the active group definition.
14. The system of claim 11, wherein each seed group definition of the plurality of seed group definitions is associated with a list of name-value pairs specifying group membership criteria.
16. The non-transitory computer-readable storage medium of claim 15, wherein the notable event is generated by applying a correlation search to the machine data associated with the performance alert of the service, wherein the correlation search is defined by a search query, a triggering criterion to be applied to a key performance indicator (KPI) value produced by executing the search query, and a user-defined point in time or period of time.
17. The non-transitory computer-readable storage medium of claim 15, wherein the service is associated with a stored service definition comprising a set of stored entity definitions of one or more entities that provide the service.
18. The non-transitory computer-readable storage medium of claim 15, wherein comparing the characteristics of the notable event to characteristics of each of the plurality of active group definitions determines an active group definition of the plurality of active group definitions with a highest score characterizing a degree of the notable event matching an event group policy associated with the active group definition.
19. The non-transitory computer-readable storage medium of claim 15, wherein each seed group definition of the plurality of seed group definitions is associated with a list of name-value pairs specifying group membership criteria.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
June 4, 2021
October 15, 2024
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.